Virus

Analysis

This threat is designed to attack Microsoft IIS servers across networks. It uses an exploit to gain access to the IIS server, and then install itself there. Once installed, it will seek other IIS servers across the network using a random IP generator. The exploit used by this worm is corrected using update patch MS01-044 from Microsoft.

Recommended Action

Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option

ID	323258
Released	Feb 23, 2005
Description Updated	Feb 23, 2005
Aliases	Bady.C, CodeRed.C, CodeRed.F
Platform Profile	Win32 file format / PE 32 bit

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

W32/CodeRedII

Analysis

Recommended Action

Telemetry

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Virus

W32/CodeRedII

Analysis

Recommended Action

Telemetry

Threat Intelligence
Center